Experiencing Massive login wait times (GetCertificate)

We experienced some major issues with the login in our production environments over the past 2 Fridays and I would like to know if anyone has encountered the following or has any ideas to help us:

Background: We have PeopleSoft Finance, Enforcer, and HCM on the same servers in production. We are on http and not https. Our LDAP authentication was against Novell for years and since March 2008, LDAP is against Microsoft Active Directory.
On Friday July 4th at around noon, the login wait time suddenly spiked to between 3 and 5 minutes. Through "psadmin" on the app server, the login processes seemed to be stuck at GetCertificate. This lasted until we did the following: In PS Finance, we had authentication maps that were referring to 2 LDAP servers. I removed the 2nd LDAP server from each map and created new maps to hold just the 2nd LDAP server. This seemed to have fixed the problem. As soon as this was done in Finance, it unblocked all 3 PS systems and the login time was quick.

On Friday July 11 at about 3:30PM, the same issue occurred with the long login wait time. I changed our port numbers in the LDAP configuration from 389 to 3268 and from 636 to 3269. Again, the problem seems to be fixed.

Now, I am anxiously awaiting this Friday afternoon to see if we encounter the same login problem. In the previous Fridays, we did not change any settings and do not understand why the LDAP authentication worked for so long and then suddenly started to misbehave.
Any ideas or suggestions would be greatly appreciated.

I would start looking at LDAP server logs. Do you see a similar issue with any other application? When you get the authentication issue, try to log in to any server/application which uses LDAP authentication.
If your app server is a Unix system, you can use the following commands to troubleshoot

From what I have been told by my Active Directory guru, all other applications have had no problem with authentication (e.g. Outlook); they are using ports 389 and 636, while for PeopleSoft Finance, Enforcer, and HCM, I changed them to 3268 and 3269 to "fix" the login problem.
Our app server is on Linux. Siva, I don't see your troubleshooting commands.

We had a like issue (tools 8.22 against MS AD) which, after clearing cache, chasing logs on PS and AD, and "reconfiguring" the app server domain (clears out PSTUXCFG), was finally resolved by recreating the app server domain. Once Tuxedo had a clean slate, the GetCertificate processes flew.